Mobile payments in U.S.: Creative chaos or just chaos?

The day is nearing, many say, when your smartphone will be your wallet, letting you make purchases as stored cash or credit that will be wirelessly accepted by stores or soda machines.

Dorsey fired back, calling it "not a fair or accurate claim and it overlooks all of the protections already built into your credit card," noting the waiter "could easily steal your card details if he wanted to -- no technology required."

But beyond this slugfest, which pits an industry veteran against a newcomer, fateful decisions on mobile-payment security are expected to be made by the Payment Card Industry Security Standards Council, which sets rules for merchants and processors.

Earlier this year, the council quietly "de-listed" all approved applications for mobile payments that had included in its PA-DSS certification program -- including the VeriFone smartphone-based product for the iPhone. The council says it made this decision to de-list them entirely because it is embarking on a total review of mobile-payment security.

"The rapid development and deployment of these new and innovative mobile payment technologies has brought a level of complexity to the industry never seen before and has introduced a new set of risks and threats that may affect the security of cardholder data," said Bob Russo, general manager of the council. He said the "technology is still evolving, and there hasn't yet been any standardization when it comes to securing the applications and devices."